Privacy Policy

How Afri-Conseil & Associates collects, uses, and protects your personal data

← Back to Home
Last Updated: March 2026

1. Data Controller Information

Afri-Conseil & Associates ("we", "us", "our") is the data controller responsible for your personal data.

Contact Details:
Email: nadia.laurent@afri-conseil.com
Address: Available upon request
Contact Person: Nadia Laurent, Client Relations Manager

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the South African Protection of Personal Information Act 2013 (POPIA).

2. Types of Information We Collect

We collect the following categories of personal data:

  • Identity Information: Full name, position/title, professional credentials
  • Contact Information: Email address, phone number, mailing address, company address
  • Organisational Information: Company name, organisation type, industry, business registration numbers
  • Transaction Information: Service purchased, template selected, quotation details, payment information, contract value, duration
  • Communication Data: Email correspondence, enquiry content, questionnaire responses
  • Legal Information: Beneficial ownership data, sanctions screening results, due diligence findings (for KYC services)
  • Technical Data: IP address, browser type, pages visited, time spent on site (via analytics)

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b) GDPR / Section 11(1)(a) POPIA): To provide Services, generate quotations, deliver documents, and manage the engagement
  • Legal Obligation (Article 6(1)(c) GDPR / Section 11(1)(d) POPIA): To comply with anti-money laundering, sanctions, and tax obligations
  • Legitimate Interest (Article 6(1)(f) GDPR / Section 11(1)(f) POPIA): To improve Services, prevent fraud, maintain professional standards, and protect legal interests
  • Consent (Article 6(1)(a) GDPR / Section 11(1)(e) POPIA): For marketing communications (where you have opted in) and analytics

4. How We Use Your Information

We use your personal data for the following purposes:

  • Providing legal Services and delivering Deliverables
  • Generating quotations and processing orders
  • Invoicing and payment processing
  • Communicating with you about your engagement and requests
  • Conducting due diligence, KYC, and sanctions screening
  • Maintaining client records and audit trails
  • Complying with legal and regulatory obligations
  • Preventing fraud and protecting security
  • Improving and enhancing our Services (aggregated, anonymised data only)
  • Sending newsletters and marketing communications (with your consent)
  • Responding to enquiries and providing customer support

5. Data Sharing

We may share your personal data with the following recipients:

  • Professional Advisors: Accountants, auditors, insurance brokers, and tax advisors (subject to confidentiality agreements)
  • Payment Processors: Credit card processors, payment gateways, and banking partners for transaction processing
  • IT Service Providers: Cloud storage, email, and software providers who process data on our behalf
  • Legal Authorities: Regulatory bodies, law enforcement, and courts where required by law
  • Regulatory/Sanctions Providers: Third-party sanctions and PEP screening providers

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

Your personal data may be transferred to, stored in, and processed in jurisdictions outside the UK and South Africa, including the United States and European Union.

These transfers are made on the basis of:

  • Adequacy Decisions (UK to EU adequacy jurisdictions)
  • Standard Contractual Clauses (SCCs) for transfers where no adequacy decision exists
  • Binding Corporate Rules and equivalent safeguards

Where transfers occur, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR and POPIA requirements.

7. Data Retention

We retain your personal data for the following periods:

  • Active Client Data: Duration of engagement plus 7 years (for legal, tax, and audit purposes)
  • Enquiry Data (non-clients): 2 years or until you request deletion
  • Marketing Lists: Until you unsubscribe or object
  • Transaction Records: 7 years (for financial and regulatory compliance)
  • Technical Data (Cookies/Analytics): As specified in our Cookie Policy

After the retention period, data is securely deleted or anonymised.

8. Your Data Subject Rights

Under GDPR and POPIA, you have the following rights:

  1. Right of Access: Request a copy of your personal data held by us (Data Subject Access Request)
  2. Right to Rectification: Request correction of inaccurate personal data
  3. Right to Erasure: Request deletion of your data ("right to be forgotten") where no legal obligation requires retention
  4. Right to Restrict Processing: Request that we limit how we process your data
  5. Right to Data Portability: Request that we provide your data in a portable format
  6. Right to Object: Object to processing based on legitimate interest or direct marketing
  7. Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, contact: nadia.laurent@afri-conseil.com

We will respond to requests within 30 days (GDPR) or as required by POPIA.

9. Cookie Information

We use cookies and similar tracking technologies on our website. See our Cookie Policy for detailed information about:

  • Types of cookies used (strictly necessary, performance, functionality, targeting)
  • Third-party cookies and analytics providers
  • How to manage and disable cookies

You can access the full Cookie Policy at www.afri-conseil.com/cookie-policy.html

10. Children's Privacy

Our Services are designed for business professionals and organisations, not children. We do not intentionally collect personal data from individuals under age 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately.

11. Security

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Staff confidentiality agreements and data protection training
  • Incident response procedures

However, no system is completely secure. We cannot guarantee absolute security, and transmission of data over the internet is at your own risk.

12. Data Breach Notification

If we experience a personal data breach that poses a risk to your rights and freedoms, we will notify affected individuals without undue delay in accordance with GDPR and POPIA requirements, including details of the breach and steps taken to mitigate harm.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or by posting a notice on our website. Your continued use of our Services following notice of changes constitutes acceptance of the updated policy.

14. Contact and Complaints

For privacy questions or to exercise your rights:
Email: nadia.laurent@afri-conseil.com

UK Supervisory Authority:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
You have the right to lodge a complaint with the ICO regarding our data processing practices.

South Africa Supervisory Authority:
Information Regulator (South Africa)
Website: www.inforegulator.org.za
You have the right to lodge a complaint with the Information Regulator regarding our POPIA compliance.